1.888.749.9800

Blog

  • Permalink Gallery

    What are the five most critical steps to take during the first 48 hours post data breach?

What are the five most critical steps to take during the first 48 hours post data breach?

1. Protect – The first and most important (time sensitive) step is to protect your environment and prevent additional damage and/or data loss.  This could be as simple as disconnecting from any wired and wireless networks.  Also disconnect any local backup drives that could overwrite previously archived data.

2. Communicate – It is vital to […]

By |November 16th, 2017|Blog, Security Breach|Comments Off on What are the five most critical steps to take during the first 48 hours post data breach?

Can Additional Legislation Improve IoT Security

I was recently asked if increased legislation could help improve IoT security, and how it will affect the IT department. Here’s my response:

Legislation can absolutely help IoT security by ensuring that manufacturers follow common core principles, strategies and infrastructure. The Cybersecurity Improvement Act of 2017 is an example of how legislation can compel manufacturers to […]

By |October 23rd, 2017|Blog, IoT|Comments Off on Can Additional Legislation Improve IoT Security

Qualifying IT Security Risks

How should a small organization quantify risk when it comes to IT security?  

In my last post, I discussed how people with little or no IT security experience are often put in charge of IT security at small companies. I explained how they might approach telling their boss how things are going on the security […]

By |October 5th, 2017|Blog|Comments Off on Qualifying IT Security Risks

Tips to Maintain IT Security Equilibrium at a Small Company

Ask where somebody working in IT security at a small company got started, and there is a good chance it had nothing to do with IT security at all.

Considering the management infrastructure of the typical small organization, IT security is usually handed off to somebody who knows little about it, usually somebody from the IT […]

By |September 27th, 2017|Blog, Security Breach|Comments Off on Tips to Maintain IT Security Equilibrium at a Small Company

Most Commonly Overlooked Components of Operational Security

I was recently asked to comment on the most commonly overlooked components of operational security. To get the correct answer, sometimes it helps to take a step back and make sure you are asking the right question. The question should be “How do you ensure that your security program satisfies your operational security requirements?” With that question, […]

By |September 5th, 2017|Blog, ISO 27002|Comments Off on Most Commonly Overlooked Components of Operational Security
  • Permalink Gallery

    What role should security analytics play in information security programs today?

What role should security analytics play in information security programs today?

No one can argue that analyzing the security state of your IT environment (in a comprehensive and integrated manner) and taking proactive measures to prevent security incidents is the right way to manage an IT operation.  

The problem with Security Analytics isn’t a failure of vision; everyone agrees that we should be able to take […]

By |August 17th, 2017|Blog|Comments Off on What role should security analytics play in information security programs today?
  • Permalink Gallery

    The Future of Our Energy Grid: Vulnerabilities as it Shifts from Fossil Fuels to Renewable Sources

The Future of Our Energy Grid: Vulnerabilities as it Shifts from Fossil Fuels to Renewable Sources

Our electric grid is comprised of generation facilities, high voltage transmission networks, substations, renewable point generation sources, and low voltage distribution networks.

Protecting the electric grid from cyber-attacks is complicated by its enormous scale – upwards of 7,000 power plants, more than 150,000 miles of high voltage transmission lines, and more than 50,000 substations. Some are […]

By |August 1st, 2017|Blog, Security Breach|Comments Off on The Future of Our Energy Grid: Vulnerabilities as it Shifts from Fossil Fuels to Renewable Sources
  • Permalink Gallery

    The Best IT Security Policies Reflect the Value of Simplicity

The Best IT Security Policies Reflect the Value of Simplicity

90 percent of what we do to help people get better security is focusing on straight-forward common sense and having consistent policies and procedures.

To be good at what we do, we always work to make things as simple as possible for our customers because we recognize human behavior, and it is so much easier to remember and do simple […]

By |July 17th, 2017|Blog, Security Breach|Comments Off on The Best IT Security Policies Reflect the Value of Simplicity

What Comes First, the 27001 or the 27002 ISO Standards?

There is something quirky about the 27000 series of standards published by the International Organization for Standardization (ISO).

Perhaps it is presented deliberately this way as a lesson in due diligence. Perhaps it is just a random error. But the standards are in the wrong numerical order. Judging from our interactions with company IT organizations, this […]

By |June 8th, 2017|Blog, ISO 27002|Comments Off on What Comes First, the 27001 or the 27002 ISO Standards?

Tips to Protect Against Ransomware

Following the Wannacry outbreak, we were reading about another attack, called Adylkuzz. Both cyberthreats rely on a Windows bug that was patched on March 14 and only affect PCs that haven’t installed the latest version of Microsoft’s software updates.

In light of this news, I thought it would be timely to talk about some common sense recommendations […]

By |May 22nd, 2017|Blog, Security Breach|Comments Off on Tips to Protect Against Ransomware

Disaster Recovery & Cybersecurity

I’d like to share answers to questions recently asked about disaster recovery.

1. What advice would you give to tie cybersecurity protection and IT disaster recovery together for business continuity?

There are a number of activities performed by the IT operational group within an organization that deal with Disaster Recovery. They include performing data backups, using primary/backup datacenters, and […]

By |May 9th, 2017|Blog, Security Breach|Comments Off on Disaster Recovery & Cybersecurity

Tips to Prevent Online Identity Theft

There are few new trends in online identity theft, although some attacks are becoming more sophisticated, the basic steps to prevent exploits remains the same.

Be on the lookout for attacks that use broken English in the message body. While most now use proper English and use the same style and logos that are used by […]

By |April 24th, 2017|Blog, Security Breach|Comments Off on Tips to Prevent Online Identity Theft

Network Access Control (NAC)

Controlling access to the network is fundamental security control. For shared networks, the capability of users to connect to the network should be restricted. Well known security frameworks such as ISO 27002, Information technology – Security techniques – Code of practice for information security management, includes this control as a recommendation. And the […]

By |April 11th, 2017|Blog, ISO 27002, Uncategorized|Comments Off on Network Access Control (NAC)
  • Permalink Gallery

    Some Basic but Effective Advice for Secure Online Transactions

Some Basic but Effective Advice for Secure Online Transactions

Just about everybody shops online these days. Even so, many people worry about security issues and fraud.  I was recently asked if I could share some high-level tips and best practices for online transactions. Here is what I recommend:

  1. Try to consolidate all online purchases onto a single credit or debit card.  That way, you […]
By |March 10th, 2017|Blog|Comments Off on Some Basic but Effective Advice for Secure Online Transactions

How Big an Issue is Security; How can it be Addressed?

Other than the technology itself of an IoT device and the service it provides, the single most important characteristic that will define either success or failure, no matter what the size of the business, will be the security of that device.

The IoT is only in its infancy and yet there have already been an alarming […]

By |March 6th, 2017|Blog, Security Breach|Comments Off on How Big an Issue is Security; How can it be Addressed?